We point out that Hsu's recent cryptanalysis of Sun's remote user authentication scheme is flawed. We also comment on Chien et. al's scheme and give more practical attacks than those presented by Hsu in the same paper.